Merge pull request #2 from ninoseki/improve-notification

feat: improve Slack notification
ninoseki · May 22, 2019 · 49ba1e2 · 49ba1e2
2 parents 04557b1 + b8e7610
commit 49ba1e2
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 19 deletions.
diff --git a/lib/urlhaus_monitor/entry.rb b/lib/urlhaus_monitor/entry.rb
@@ -32,38 +32,69 @@ def defanged_url
     end
 
     def defanged_host
-      @defanged_host ||=  host.gsub(/\./, "[.]")
+      @defanged_host ||= host.gsub(/\./, "[.]")
+    end
+
+    def title
+      "#{defanged_url} (#{defanged_host} / #{ip_address} / #{date_added}) : #{threat}"
     end
 
     def vt_link
-      "https://www.virustotal.com/#/domain/#{host}"
+      return nil unless _vt_link
+
+      {
+        type: "button",
+        text: "Lookup on VirusTotal",
+        url: _vt_link,
+      }
+    end
+
+    def urlscan_link
+      return nil unless _urlscan_link
+
+      {
+        type: "button",
+        text: "Lookup on urlscan.io",
+        url: _urlscan_link,
+      }
     end
 
     def urlhaus_link
-      "https://urlhaus.abuse.ch/host/#{host}/"
+      return nil unless _urlhaus_link
+
+      {
+        type: "button",
+        text: "Lookup on URLhaus",
+        url: _urlhaus_link,
+      }
     end
 
-    def title
-      "#{defanged_url} (#{defanged_host} / #{ip_address}) (#{date_added})"
+    def actions
+      [vt_link, urlscan_link, urlhaus_link].compact
     end
 
     def to_attachements
       [
         {
-          fallback: "urlhaus link",
-          title: defanged_host,
-          title_link: urlhaus_link,
-          footer: "urlhaus.abuse.ch",
-          footer_icon: "http://www.google.com/s2/favicons?domain=urlhaus.abuse.ch"
-        },
-        {
-          fallback: "vt link",
-          title: defanged_host,
-          title_link: vt_link,
-          footer: "virustotal.com",
-          footer_icon: "http://www.google.com/s2/favicons?domain=virustotal.com"
+          text: defanged_host,
+          fallback: "VT & urlscan.io links",
+          actions: actions
         }
       ]
     end
+
+    private
+
+    def _vt_link
+      "https://www.virustotal.com/#/domain/#{host}"
+    end
+
+    def _urlscan_link
+      "https://urlscan.io/domain/#{host}"
+    end
+
+    def _urlhaus_link
+      "https://urlhaus.abuse.ch/host/#{host}/"
+    end
   end
 end
diff --git a/spec/entry_spec.rb b/spec/entry_spec.rb
@@ -50,10 +50,10 @@
   end
 
   describe "#to_attachements" do
-    it "should reeturn a defanged url" do
+    it do
       attachements = subject.to_attachements
       attachements.each do |attachement|
-        expect(attachement.dig(:title)).to be_a(String)
+        expect(attachement.dig(:text)).to be_a(String)
       end
     end
   end